Town of Rhinebeck – Internal Controls Over Cash Management and Information Technology (2013M-36)

Issued Date
May 17, 2013

Purpose of Audit

The purpose of our audit was to examine internal controls over selected financial and operational areas for the period January 1, 2011, to June 22, 2012.

Background

The Town of Rhinebeck is located in Dutchess County. The Town is governed by an elected Town Board which comprises a Town Supervisor and four Board members. Budgeted general fund appropriations for fiscal years 2011 and 2012 were approximately $1.6 million and $1.7 million, respectively.

Key Findings

  • Town officials need to improve internal controls over cash management. Although the Board implemented a policy to segregate cash functions, the policy was inadequate and did not effectively segregate the Town Clerk’s duties.
  • Deposits in the Clerk’s office were not timely or intact.
  • Cash collected totaling $1,288 was not deposited and cannot be located by Town officials.
  • Users on each of the Town’s 15 computers were in the local administrators’ group and could therefore install unauthorized software or alter the computer configuration.
  • Although data is backed up in the Clerk’s office and Finance Department, the backups are not taken offsite to a secure location because Town officials have not established back-up procedures that would require users to take them offsite.

Key Recommendations

  • Segregate the duties in the Clerk’s office or develop compensating controls and revise the policy to address the Clerk’s duties.
  • Ensure that deposits are timely and intact in accordance with applicable laws.
  • Reconcile the Clerk’s and departments’ records and investigate discrepancies.
  • Restrict local administrator privileges by employing the concept of least privilege, limiting access to only those functions necessary to accomplish assigned tasks.
  • Establish written back-up procedures and require the media used for backups to be encrypted and stored in a secure location.